Tools
A curated directory of 16 tools we use, evaluate, and recommend across the AI security landscape — with our take on each.
Interactive tool
GDPR + EU AI Act Applicability Wizard →
A branching questionnaire that runs a client-side rules engine over your answers and returns a tailored obligation report — Article 22 trigger, DPIA need, AI Act risk tier and Article 50/52 transparency duties, SCC/transfer flags, and DSAR-for-model-output exposure — each with a severity and a primary-source citation. No data stored; not legal advice.
Regulatory Reference
EU AI Act — Regulation 2024/1689
Our take
Read in full at least once. The recitals (preamble) clarify intent for ambiguous articles.
AI Act Compliance Tracker
Our take
Lower-friction than reading EUR-Lex directly. Update cadence is fast.
EDPB Guidance on AI Models
Our take
Critical for anyone training models on EU-resident data. The guidance is firm even where the law is ambiguous.
NIST AI Risk Management Framework
Our take
Less prescriptive than the EU AI Act; more guidance. Useful as a structuring framework even outside US federal contexts.
ISO/IEC 42001
Our take
Worth pursuing if you sell to enterprises or government. The certification is becoming a procurement signal.
Risk Frameworks
MITRE ATLAS
Our take
Use as the reference taxonomy for adversarial threat modeling. Map your incident response runbooks to ATLAS techniques.
OWASP LLM Top 10
Our take
The most actionable security checklist for LLM apps. Should anchor any application-tier security review.
OECD AI Principles
Our take
Less actionable than NIST or the EU AI Act, but useful for cross-jurisdictional alignment.
Compliance Tooling
Drata
Our take
Pricey but saves substantial audit prep time. The 42001 module is recent.
Vanta
Our take
Pick based on integrations. Both vendors are mature; differentiation is mostly UI and pricing.
Credo AI
Our take
Most AI-specific of the governance platforms. Worth evaluating if you have multiple regulated AI systems.
Documentation Templates
Model Cards (Mitchell et al.)
Our take
The de facto standard. Customize per organization but follow the structure.
Datasheets for Datasets (Gebru et al.)
Our take
Companion to model cards. Required for credible disclosure under the EU AI Act and most enterprise procurement.
Hugging Face Model Card guide
Our take
Use as the practical template; it integrates with HF model hosting if that's your distribution channel.
Privacy & Data
Microsoft Presidio
Our take
Use upstream of model training and inference to support your GDPR/CCPA compliance posture.
OpenDP
Our take
Mathematically rigorous; production deployment is non-trivial. Worth it for high-sensitivity data.